hashcat Forum
VeraCrypt Decryption [mac OSX] - Printable Version

+- hashcat Forum (https://hashcat.net/forum)
+-- Forum: Support (https://hashcat.net/forum/forum-3.html)
+--- Forum: hashcat (https://hashcat.net/forum/forum-45.html)
+--- Thread: VeraCrypt Decryption [mac OSX] (/thread-7661.html)



VeraCrypt Decryption [mac OSX] - yupa - 07-13-2018

Hello dear community, 

I have a problem and I need your help. I can't get it done for days. 
Hopefully you can help me and this problem can help others who have the same problem. 

I have forgotten my VeraCrypt password and want to recover it. I also know the word combinations, which could help me with the Combinator attack. 

---------------------

Information about the VeraCrypt-File:

Encryption Alg.: AES

Primary Key Size: 256 bits
Secondery key size (XTS mode): 256 bits
PKCS-5 PRF: HMAC-SHA-512
Hidden Volume Protected: no

Information about my operating system and Hashcat:

I am using Mac-Pro and installed hashcat via terminal link (GitHub).

---------------------

Problems:

1st problem: Combinator Attack does not work 
./hashcat -a 1 -m 0 example0.hash mydict2.dict mydict2.dict 

It is executed, but the words in mydict2.dict do not combine.
In mydict2.dict are words (letters, numbers). 

-------

2nd Problem: Brute-force attack 
./hashashcat -m 13721 -a 3 Vera.txt

I saved my VeraCrypt container as Vera. Then I added.txt after Vara, so hashcat recognizes the file (Vera.txt).

Where is the error here?

I would be very happy if you could help me!


Kind regards


RE: VeraCrypt Decryption [mac OSX] - undeath - 07-14-2018

(07-13-2018, 07:17 PM)yupa Wrote: It is executed, but the words in mydict2.dict do not combine.
In mydict2.dict are words (letters, numbers). 
How did you determine that?

(07-13-2018, 07:17 PM)yupa Wrote: I saved my VeraCrypt container as Vera. Then I added.txt after Vara, so hashcat recognizes the file (Vera.txt).

First, hashcat does not care about file extensions. Second, you can't just point hashcat to the volume. You have to extract the necessary information from the file. See https://hashcat.net/wiki/doku.php?id=frequently_asked_questions#how_do_i_extract_the_hashes_from_truecrypt_volumes
Third, you're doing a mask attack but are not specifying a mask.